Chronosphere Onboarding Guide
Forward logs directly to Panther using Chronosphere Telemetry Pipeline
Last updated
Was this helpful?
Forward logs directly to Panther using Chronosphere Telemetry Pipeline
Last updated
Was this helpful?
is a flexible telemetry pipeline that can stream logs from a variety of sources to an in Panther.
While this guide only explains how to configure Chronosphere Telemetry Pipeline with a Panther HTTP Source, it is also possible to stream logs to an in Panther. If you would like to stream logs to an S3 Source, use the in Chronosphere Telemetry Pipeline.
Ensure you have followed the , which includes creating a . Chronosphere Telemetry Pipeline can run on Linux and Kubernetes environments.
If your raw logs need to be filtered out or transformed in some way, those actions can happen in Chronosphere or Panther.
In the Chronosphere Telemetry Pipeline web interface, you can filter or transform logs by:
In Panther, you can filter or transform logs by:
Follow .
For the authentication method, select .
If you created a schema in Panther in Step 1, attach it to the source. If you haven't created a schema yet, you can .
If you'd like to use , follow one of the instructions sets below:
In the Chronosphere Telemetry Pipeline web interface, navigate to your Core Instance.
In the Add or Edit Source slide-out panel, select a source tile.
Configure the source as desired, then click Save.
Under General, set the following fields:
Host: Enter the HTTP Source URL you generated in Panther in Step 2.
Port: Enter 443
.
URI: Enter the end of the HTTP Source URL you generated in Panther in Step 2, starting with /http/
.
Under Advanced, add a Key/Value pair under Headers.
Key: Enter the Shared Secret key you entered in Panther in Step 2.
Click Save.
Configure your log sources to route to the endpoint or port defined by the pipeline’s source(s).
Using a
Defining
If you'd like to use these tools in Chronosphere, you will configure them in , below.
Using
Using a parser in the associated
Using in the associated
If you'd like to use a parser or transformations in Panther, now. If you'd like to use ingestion filters in Panther, you'll configure them in , below.
Under Kubernetes Namespaces, click Create a custom pipeline.
Click + Source to add a source.
Click + Destination to add an .
On the Add or Edit Destination slide-out panel, under Network Based, click HTTP.
Example: /http/cb015ee4-543c-4489-9f4b-testaa16d7a
Value: Enter the Shared Secret value you generated or entered in Panther in Step 2.
Under Security and TLS, click the TLS checkbox and set TLS Certificate Validation to on.
(Optional) Add processing rules to your pipeline by following the Chronosphere .
Click Save and deploy.